CVE-2015-2739Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents7 sources
Severity
10.0CRITICALNVD
EPSS
1.1%
top 22.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
Mozilla FirefoxMozilla ThunderbirdCanonical Ubuntu Linux+6 more
Timeline
PublishedJul 6
Latest updateMay 17

Description

The ArrayBufferBuilder::append function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which has unspecified impact and attack vectors.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages9 packages

Ubuntumozilla/firefox< 39.0+build5-0ubuntu0.14.04.1
NVDmozilla/firefox38.1.0+8
NVDmozilla/firefox_esr7 versions+6
Ubuntumozilla/thunderbird< 1:31.8.0+build1-0ubuntu0.14.04.1

Also affects: Debian Linux 7.0, 8.0, Ubuntu Linux 12.04, 14.04, 14.10, 15.04

🔴Vulnerability Details

3
GHSA
GHSA-9cj8-vh3h-553j: The ArrayBufferBuilder::append function in Mozilla Firefox before 392022-05-17
CVEList
CVE-2015-2739: The ArrayBufferBuilder::append function in Mozilla Firefox before 392015-07-06
OSV
CVE-2015-2739: The ArrayBufferBuilder::append function in Mozilla Firefox before 392015-07-05

📋Vendor Advisories

4
Ubuntu
Thunderbird vulnerabilities2015-07-20
Ubuntu
Firefox vulnerabilities2015-07-15
Ubuntu
Firefox vulnerabilities2015-07-09
Red Hat
Mozilla: Vulnerabilities found through code inspection (MFSA 2015-66)2015-07-02

💬Community

1
Bugzilla
CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 Mozilla: Vulnerabilities found through code inspection (MFSA 2015-66)2015-06-30
CVE-2015-2739 — Mozilla Firefox vulnerability | cvebase